Over a decade of DDOS--any progress yet?

Jack Bates jbates at brightok.net
Wed Dec 8 16:17:44 UTC 2010



On 12/8/2010 10:13 AM, Drew Weaver wrote:
> The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share have been easily detectable by the source network.
>
> It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..)
>
> What valid application actually uses UDP 80?
>
> You could literally wipe out a large amount of these attacks by simply filtering this.
>
> -Drew

You mean silly things like:

Warning, it is an 87160 line flow capture.

http://www.brightok.net/~abuse/ddos/flows.txt


Jack




More information about the NANOG mailing list